Appendix A - Risk ranking of recommendations

Recommendation

Risk Ranking

Recommendation 1

It is recommended that the Director General, Information Technology, Information Management, Administration and Privacy Division in collaboration with the Director General, Service Delivery and Program Management:

  • develop and implement a benefits realization framework and a System Development Life Cycle (SDLC) framework consistent with VAC agile practices and align these frameworks with the existing project management framework, and
  • develop additional guidance on the application of agile in the Department and publish the guidance on the Department’s intranet.

Important

Recommendation 2

It is recommended that the Director General, Information Technology, Information Management, Administration and Privacy Division in collaboration with the Director General, Service Delivery and Program Management:

  • develop a more systematic approach for communication to users and subject matter experts as part of the agile process,
  • strengthen the organization’s change management capacity and methodology,
  • provide greater definition of the product owner role, and
  • develop a digital literacy strategy aligned to the Department’s digital strategy.

Essential

Recommendation 3

It is recommended that the Director General, Information Technology, Information Management, Administration and Privacy Division, coordinate with SSC and develop and implement a plan to enable additional capacity for software development automation to align with the Department’s new agile process.

Important

Recommendation 4

It is recommended that the Director General, Information Technology, Information Management, Administration and Privacy Division, and the Director General of Service Delivery and Program Management:

  • finalize the terms of reference and mandate of the Veterans Systems Priority Committee (VSPC),
  • communicate additional details to program areas on the product roadmap for key systems,
  • update the VSPC prioritization criteria and consult with program area representatives on the committee to ensure the criteria and prioritization process is clear and satisfactory.

Important
Critical:
Relates to one or more significant weaknesses for which no adequate compensating controls exist. The weakness results in a high level of risk.
Essential:
Relates to one or more significant weaknesses for which no adequate compensating controls exist. The weakness results in a moderate level of risk.
Important:
Relates to one or more significant weaknesses for which no adequate compensating controls exist. The weakness results in a low level of risk.
Date modified: